Latest Cradlepoint Firmware Release Notes

Dec 4th 2018

Link to PDF ReleaseNotesCOCO7_0_10

Release Notes for Cradlepoint Rev 7.0.10 Firmware
Products supported/tested:
AER3100/AER3150
AER2200/AER2200-FIPS
AER2100
AER1600/AER1650
AP22
CBA850
CR4250
IBR1700/IBR1700-FIPS
IBR1100/IBR1150
IBR900/IBR950/IBR900-FIPS
IBR600B/IBR650B
IBR600C/IBR650C
IBR350
IBR200
New features added in this release (Not all features are in all
products – see their respective Data Sheets):
Improved the “Distance Interval” field to be independent of the “Stationary Event Threshold
(seconds)” field in GPS’s Send-to-Server, Send-to-Client, and Send-to-Serial configuration.
Prior to 7.0.10, “Distance Interval” would only report as configured if the “Stationary Event
Threshold (seconds)” and “Stationary Distance Threshold (meters)” were both non-zero. The
actual value of the “Stationary Event Threshold (seconds)” didn’t have any effect on the
Distance Interval reporting, other than it needed to be non-zero. This has been improved in
7.0.10, and the “Distance Interval” field will now report as configured. Note that if there is a
current configuration that has the “Distance Interval” field configured to a non-zero value,
and “Stationary Event Threshold (seconds)” and “Stationary Distance Threshold (meters)” are
also both non-zero, then GPS will report more often than it did in 7.0.0. In no case will GPS
report less often in 7.0.10 than it did in 7.0.0.
Added additional status for WiFi as WAN and Wireless Client connections.
CP Secure Web Filter Preview Mode: Policies can be applied in a “Preview” mode and the logs
reviewed to see what traffic would have been blocked or allowed based on that policy.
Multiple Local Networks per VLAN:
o Supported only on AER2200 platform.
o This feature allows more than one local network (Local IP Network in NCOS GUI) to
share the same VLAN interface.
Additional UI/Usability changes:
Removed excessive warnings with WiFi client connect alerts
Changed TX Power setting to reflect relative distance at which a particular signal level can be
achieved based on the percentage the user provides.
Defects fixed:
Fixed an issue where ECM does not allow setting DFS channels on an AP22
Increased the default proxy timeout to 60 seconds to fix an issue found when trying to use
LogMeIn to remotely manage devices connected to a router
When filling out forms in the CP Secure Web Filter UI on the router, pressing the cancel
button after editing would not always reset the form data properly
LP4. Resolved APN restoration under certain carrier reject conditions when using a Verizon
static IP SIM
Security issues:
Note: All customers are reminded that changing the default Administration (login) and WiFi
passwords is necessary for router and network security. The default passwords are unique, but are
not as safe as a strong password that only you know. The security of the Internet depends on your
cooperation.
Product Line Test page has had a majority of the information available removed. The web
page is available on the router’s Admin LAN and it showed both the router’s Serial Number
and MAC address. As these are related to the router’s default password, they were removed.
At the same time, we removed a majority of the additional information from that page.
Additional information about this page is available in the Cradlepoint Connect portal on the
Product Line Test Disclosure page.

Known issues
Feature: Multiple Local Networks per VLAN
o Scenario:
Configuration change for a VRRP-enabled local network that is sharing a
VLAN interface to using a dedicated VLAN interface.
o Potential problem:
This configuration change may result in loss of connectivity to that network.
o Customer Impact:
If that network is used for admin access, that access may not be available any
more.
Traffic carried through that network is disrupted.
o Workaround:
When making the above mentioned configuration change in ‘Scenario’:
a. Disable VRRP on the affected networks.
b. Make the desired configuration change.
c. Once the networks are up using their dedicated VLAN interface, re-enable VRRP.
o Recovery from the problem state:
Admin Access is still available from another network
Trigger a re-configuration of the local networks by making a non-feature-affecting change to any of the networks.
o For example:
change the name of a network and then restore it back.
create a temporary local network and then delete it.
Admin access is not available from any other network
Reboot the router
Modems tested: (new 7.0.10 modems / modem platforms are in blue text)
Cradlepoint Cellular Devices (Embedded & USB Modems)
Cradlepoint AER16x0LPE-AT / AT&T (USA)
Cradlepoint AER16x0LPE-GN / T-Mobile, US Cellular (USA); Generic (North America)
Cradlepoint AER16x0LPE-SP / Sprint (USA)
Cradlepoint AER16x0LPE-VZ / Verizon (USA)
Cradlepoint AER16x0LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint AER22x0-600M / AT&T (USA, Canada); Sprint, T-Mobile, Verizon (USA); Generic (Europe,
Australia, NZ)
Cradlepoint AER2200-1200M / AT&T (USA)
Cradlepoint IBR2x0-10M-VZ / Verizon (USA)
Cradlepoint IBR2x0-10M-B-AT / AT&T (USA)
Cradlepoint IBR2x0-10M-C / Sprint (USA)
Cradlepoint IBR350L / Verizon (USA)
Cradlepoint IBR350LPE-AT / AT&T (USA)
Cradlepoint IBR350LPE-GN / T-Mobile (USA); Generic (North America)
Cradlepoint IBR350LPE-SP/ Sprint (USA)
Cradlepoint IBR350LPE-VZ / Verizon (USA)
Cradlepoint IBR350P2 / AT&T (USA); Generic GSM-compatible locations (World)
Cradlepoint IBR6x0B-LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint IBR6x0C-LPE-AT / AT&T (USA)
Cradlepoint IBR6x0C-LPE-GN / T-Mobile (USA); Generic (North America)
Cradlepoint IBR6x0C-LPE-SP/ Sprint (USA)
Cradlepoint IBR6x0C-LPE-VZ / Verizon (USA)
Cradlepoint IBR6x0C-150M-B-EU / Generic operators (Europe)
Cradlepoint IBR6x0C-150M-C-AU / Generic operators (Australia)
Cradlepoint IBR900LPE-VZ / Verizon (USA); also certified on AT&T (USA), Sprint (USA), and Generic
(North America)
Cradlepoint IBR9x0LP5 / Generic (APAC)
Cradlepoint IBR9x0LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Generic (North America, Europe)
Cradlepoint IBR9x0-600M / AT&T (USA, Canada); Sprint, T-Mobile, Verizon (USA); Generic (Europe,
Australia, NZ)
Cradlepoint IBR9x0-1200M / AT&T (USA)
Cradlepoint IBR11x0LPE-AT / AT&T (USA)
Cradlepoint IBR11x0LPE-GN / C-Spire, T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus
(Canada); Generic (North America)
Cradlepoint IBR11x0LPE-SP / Sprint (USA)
Cradlepoint IBR11x0LPE-VZ / Verizon (USA)
Cradlepoint IBR11x0LP3-EU / Generic (Europe), Telstra (Australia)
Cradlepoint IBR11x0LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Generic (North America, Europe)
Cradlepoint IBR1700-600M / AT&T (USA, Canada); Sprint, T-Mobile, Verizon (USA); Generic (Europe,
Australia, NZ)
Cradlepoint IBR1700-1200M / AT&T (USA)
Cradlepoint MC400L2 / Public Safety Band 14 only (USA)
Cradlepoint MC400LPE-AT / AT&T (USA)
Cradlepoint MC400LPE-GN / T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada);
Generic (North America)
Cradlepoint MC400LPE-SP / Sprint (USA)
Cradlepoint MC400LPE-VZ / Verizon (USA)
Cradlepoint MC400LP3-EU / Generic (Europe)
Cradlepoint MC400LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint MC400LP5 / Generic (APAC)
Cradlepoint MC400LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Vodafone (Worldwide), Generic (North
America, Europe)
Cradlepoint MC400-600M-C / AT&T, FirstNet (USA)
Cradlepoint MC400-1200M / AT&T (USA)
3rd Party USB Cellular Modems
Franklin U770 (“Sprint Plug-In-Connect Tri-Mode USB Modem”) / Sprint (USA)
Franklin U772 (“Franklin U772 USB Modem”) / Sprint (USA)
Huawei E3276 / Telus (Canada)
Huawei E368 (“AT&T USBConnect Force 4G”) / AT&T (USA)
Netgear AC340U (“AT&T Beam”) / AT&T (USA)
Netgear AC341U (“NETGEAR® 341U USB Modem”) / Sprint (USA)
*supports Netgear firmware 4.07.01.11 and MR2 firmware 45.04.20.00
Novatel 551L LTE (“Verizon USB551L”) / Verizon (USA)
Novatel U620L (“Verizon MiFi© 4G LTE Global USB Modem U620L”) / Verizon (USA)
Novatel U679 (“4G LTE Novatel Wireless U679 Turbo Stick”) / Bell Mobility (Canada)
Novatel USB730L (“Verizon Global Modem USB730L”) / Verizon (USA)
Pantech UML295VW (“Verizon 4G LTE USB Modem UML2954G LTE”) / Verizon (USA)
*requires Pantech firmware version L0295VWD821F.B4 or later
Sierra Wireless 308 USB (“AT&T USBConnect Shockwave”) / AT&T (USA)
Sierra Wireless 313U (“AT&T USBConnect Momentum 4G”) / AT&T (USA)
Sierra Wireless 320U (“Telstra USB 4G (Sierra AirCard 320U)”) / Telstra (Australia)
Sierra Wireless 330U (“4G LTE Sierra Wireless U330 – Turbo Stick”) / Bell Mobility (Canada)
Sierra Wireless 330U (“LTE Rocket Stick – Sierra Wireless AirCard 330U”) / Rogers (Canada)
ZTE MF683 (“T-Mobile Rocket 3.0 4G Laptop Stick”) / T-Mobile (USA)
Release Notes for Cradlepoint Rev 7.0.0 Firmware
Products supported/tested:
AER3100/AER3150
AER2200/AER2200-FIPS
AER2100
AER1600/AER1650
AP22
CBA850
CR4250
IBR1700/IBR1700-FIPS
IBR1100/IBR1150
IBR900/IBR950/IBR900-FIPS
IBR600B/IBR650B
IBR600C/IBR650C
IBR200
IBR350
New features added in this release (Not all features are in all
products – see their respective Data Sheets):
Many Security changes are in the 7.0.0 NCOS release. They are detailed in the Security issues
section below.
Entitlement/Licensing changes. Routers and APs will no longer require a reboot when a new
Feature License is downloaded to the device.
AP Discovery added to AER2200-FIPS
Wireless packet capture on AP22
Additional UI/Usability changes:
Added T-Mobile static IP APN to automatic APN table
Ability to apply CP Secure Web Filter Policies to Multiple LANs
Corrected a misspelling in the CP Secure Webfilter UI
In CP Secure Webfilter UI, red triangles for ‘dirty’ cells on NEW policies didn’t account for a
sorted grid.
In the Static Route Editor, for clarity the “Allow Network Access” route option was renamed
to “Open Firewall for Network Access”
Defects fixed:
Signal Strength LEDs may not show up after boot on certain products
QoS DSCP tag error on IBR200 UI. DSCP is not supported on the IBR200 and the UI was
fixed.
USB mass storage device was unmounted after upgrade to 6.6.4
Configuration sync-suspended issue when WPA/WPA2 WiFi password was between 32-64
characters
General GNSS improvements, such as recovery of GPS data, centralized GNSS data store,
GLONASS satellite count, avoid fix overrun
Fixed First Time Setup wizard text inconsistencies
Modified temperature display to match temperature mitigation measurement
If the WAN isn’t up when CP Secure Web Filter tries to send a DNS request, sometimes those
requests get “stuck” and eventually cause the router to reboot. Added a timeout for those
requests.
When adding a new custom category for CP Secure Web Filter, add it to the categories of
each policy to make sure they will be filtered.
Upstream proxy settings in the UI allowed invalid entries
Webfilter blocked page wasn’t rendering correctly on iPhone and Mac devices
When setting up Hotspot services, the NAS/Gateway box was being incorrectly cleared when
loading a partner profile
CP Secure Web Filter UI did not properly handle the case when a network that was part of a
policy was deleted
Security issues:
Note: All customers are reminded that changing the default Administration (login) and WiFi
passwords is necessary for router and network security. The default passwords are unique, but are
not as safe as a strong password that only you know. The security of the Internet depends on your
cooperation.
On a periodic basis we have a third party perform a security penetration test on our routers.
They made several recommendations to improve the security of the router and user
interactions.
NetCloud OS version 7.0.0 will change the default administration and WiFi passwords of
routers and APs produced after December 2018 to be the router’s Serial Number, not the
MAC address. This is a longer password and cannot be seen through a WiFi scan or on the
LAN connection. The Serial Number can only be seen through NCM, the router’s UI
Dashboard, or on the production sticker on the router.
The default password will not change on existing routers, as the production sticker’s default
password would be invalid. Please use
NCM or the device’s UI to change the default password on the first login as prompted.
The default NCOS configuration would allow numerous failed authentication attempts
without locking out the administration account or banning the IP address of the attacker.
The capability to block this attack has been in NCOS for many years, but was not enabled by
default. Version 7.0.0 makes this blocking the default. It enables Advanced Security Mode
and Ban IP Address on the System > Administration > Router Security UI page.
Devices shared the same SSL/TLS certificates and SSH host keys. Each product type (IBR1100,
AER1600, etc) shares the same certificates/keys which can be used for HTTPS and SSH
communication with the device (note that this is different than passwords). Each device will
now generate a unique SSH server host key upon initial boot/factory reset. This may cause a
warning if you have used SSH to connect to a device previously and the key has changed.
This is expected.
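An audit for the shared-host-key condition described above, added here as an example (not Cradlepoint code): it groups `ssh-keyscan`-format output by OpenSSH SHA256 fingerprint and reports any key served by more than one address. The addresses and key blobs are constructed sample data, and the function names are this example's own.

```python
import base64
import binascii
import hashlib
from collections import defaultdict


def _sample_blob(seed: bytes) -> str:
    """Build a constructed ssh-ed25519 public key blob (not a real device key)."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(raw).decode()


# Constructed input in the "host keytype base64-blob" format that ssh-keyscan prints.
SAMPLE_SCAN = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-example",
    f"192.0.2.10 ssh-ed25519 {_sample_blob(b'shared-per-product-key')}",
    f"192.0.2.11 ssh-ed25519 {_sample_blob(b'shared-per-product-key')}",
    f"192.0.2.12 ssh-ed25519 {_sample_blob(b'unique-per-device-key')}",
    f"192.0.2.10 ssh-ed25519 {_sample_blob(b'shared-per-product-key')}",  # duplicate row
    "192.0.2.13 ssh-ed25519 not*base64",                                  # malformed row
])


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the decoded blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_text: str) -> dict:
    """Map fingerprint -> sorted hosts, keeping only keys seen on more than one host."""
    hosts_by_fp = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip banners, comments and short lines
        host, _keytype, blob = fields[:3]
        try:
            hosts_by_fp[fingerprint(blob)].add(host)
        except (binascii.Error, ValueError):
            continue  # skip rows whose key field is not valid base64
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}


if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(fp, "shared by", ", ".join(hosts))
```

Devices that have generated their own key after the upgrade and initial boot/factory reset drop out of this report; their new fingerprints are the values to record in place of the old `known_hosts` entries.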
Known issues
Using the Webfilter feature prevents accurate application identification resulting in large
portions of traffic being classified as Not Available.
Modems tested: (new 7.0.0 modems / modem platforms are in blue text)
Cradlepoint Cellular Devices (Embedded & USB Modems)
Cradlepoint AER16x0LPE-AT / AT&T (USA)
Cradlepoint AER16x0LPE-GN / T-Mobile, US Cellular (USA); Generic (North America)
Cradlepoint AER16x0LPE-SP / Sprint (USA)
Cradlepoint AER16x0LPE-VZ / Verizon (USA)
Cradlepoint AER16x0LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint AER22x0-600M / AT&T (USA, Canada); Sprint, T-Mobile, Verizon (USA); Generic (Europe,
Australia, NZ)
Cradlepoint IBR2x0-10M-VZ / Verizon (USA)
Cradlepoint IBR2x0-10M-B-AT / AT&T (USA)
Cradlepoint IBR2x0-10M-C / Sprint (USA)
Cradlepoint IBR350L / Verizon (USA)
Cradlepoint IBR350LPE-AT / AT&T (USA)
Cradlepoint IBR350LPE-GN / T-Mobile (USA); Generic (North America)
Cradlepoint IBR350LPE-SP/ Sprint (USA)
Cradlepoint IBR350LPE-VZ / Verizon (USA)
Cradlepoint IBR350P2 / AT&T (USA); Generic GSM-compatible locations (World)
Cradlepoint IBR6x0B-LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint IBR6x0C-LPE-AT / AT&T (USA)
Cradlepoint IBR6x0C-LPE-GN / T-Mobile (USA); Generic (North America)
Cradlepoint IBR6x0C-LPE-SP/ Sprint (USA)
Cradlepoint IBR6x0C-LPE-VZ / Verizon (USA)
Cradlepoint IBR6x0C-150M-B-EU / Generic operators (Europe)
Cradlepoint IBR6x0C-150M-C-AU / Generic operators (Australia)
Cradlepoint IBR6x0LPE-AT / AT&T (USA)
Cradlepoint IBR6x0LPE-GN / T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada); Generic
(North America)
Cradlepoint IBR6x0LPE-SP/ Sprint (USA)
Cradlepoint IBR6x0LPE-VZ / Verizon (USA)
Cradlepoint IBR6x0LP3-EU / Generic (Europe)
Cradlepoint IBR900LPE-VZ / Verizon (USA); also certified on AT&T (USA), Sprint (USA), and Generic
(North America)

Cradlepoint IBR9x0LP5 / Generic (APAC)
Cradlepoint IBR9x0LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Generic (North America, Europe)
Cradlepoint IBR9x0-600M / AT&T (USA, Canada); Sprint, T-Mobile, Verizon (USA); Generic (Europe,
Australia, NZ)
Cradlepoint IBR11x0LPE-AT / AT&T (USA)
Cradlepoint IBR11x0LPE-GN / C-Spire, T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus
(Canada); Generic (North America)
Cradlepoint IBR11x0LPE-SP / Sprint (USA)
Cradlepoint IBR11x0LPE-VZ / Verizon (USA)
Cradlepoint IBR11x0LP3-EU / Generic (Europe), Telstra (Australia)
Cradlepoint IBR11x0LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Generic (North America, Europe)
Cradlepoint IBR1700-600M / AT&T (USA, Canada); Sprint, T-Mobile, Verizon (USA); Generic (Europe,
Australia, NZ)
Cradlepoint MC400L2 / Public Safety Band 14 only (USA)
Cradlepoint MC400LPE-AT / AT&T (USA)
Cradlepoint MC400LPE-GN / T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada);
Generic (North America)
Cradlepoint MC400LPE-SP / Sprint (USA)
Cradlepoint MC400LPE-VZ / Verizon (USA)
Cradlepoint MC400LP3-EU / Generic (Europe)
Cradlepoint MC400LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint MC400LP5 / Generic (APAC)
Cradlepoint MC400LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Vodafone (Worldwide), Generic (North
America, Europe)
Cradlepoint MC400-600M-C / AT&T, FirstNet (USA)
3rd Party USB Cellular Modems
Franklin U770 (“Sprint Plug-In-Connect Tri-Mode USB Modem”) / Sprint (USA)
Franklin U772 (“Franklin U772 USB Modem”) / Sprint (USA)
Huawei E3276 / Telus (Canada)
Huawei E368 (“AT&T USBConnect Force 4G”) / AT&T (USA)
Netgear AC340U (“AT&T Beam”) / AT&T (USA)
Netgear AC341U (“NETGEAR® 341U USB Modem”) / Sprint (USA)
*supports Netgear firmware 4.07.01.11 and MR2 firmware 45.04.20.00
Novatel 551L LTE (“Verizon USB551L”) / Verizon (USA)
Novatel U620L (“Verizon MiFi© 4G LTE Global USB Modem U620L”) / Verizon (USA)
Novatel U679 (“4G LTE Novatel Wireless U679 Turbo Stick”) / Bell Mobility (Canada)
Novatel USB730L (“Verizon Global Modem USB730L”) / Verizon (USA)
Pantech UML295VW (“Verizon 4G LTE USB Modem UML2954G LTE”) / Verizon (USA)
*requires Pantech firmware version L0295VWD821F.B4 or later
Sierra Wireless 308 USB (“AT&T USBConnect Shockwave”) / AT&T (USA)
Sierra Wireless 313U (“AT&T USBConnect Momentum 4G”) / AT&T (USA)
Sierra Wireless 320U (“Telstra USB 4G (Sierra AirCard 320U)”) / Telstra (Australia)
Sierra Wireless 330U (“4G LTE Sierra Wireless U330 – Turbo Stick”) / Bell Mobility (Canada)
Sierra Wireless 330U (“LTE Rocket Stick – Sierra Wireless AirCard 330U”) / Rogers (Canada)
ZTE MF683 (“T-Mobile Rocket 3.0 4G Laptop Stick”) / T-Mobile (USA)


